<?php
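/**
 * Back-office member management for the bl_members table:
 * list, add, edit, delete and per-user permission settings.
 * (The original header read "btc列表" / "btc list", apparently carried over from another module.)
 */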

require_once 'common.inc.php';

require_once MCC_ROOT.'/useroperation.inc.php';

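// Parsed Referer of the current request. Nothing below in this file reads it
// (the $url line is commented out), but included templates share this scope.
// The header is optional and client-controlled, so it is parsed only when
// present and must not be used for access decisions.
$matches=isset($_SERVER['HTTP_REFERER'])?parse_url($_SERVER['HTTP_REFERER']):array();

// Columns of bl_members that the 'userdoadd' branch accepts from the posted form.
$userarray=array('username','realname','tentqq','email','password');

//$url=$matches['scheme'].'://'.$matches['host'].'/';
// Permission gate for the whole file: the caller needs operation '0' in $larr,
// otherwise adminmsg() reports "you have not been granted permission for this item".
// NOTE(review): $larr and adminmsg() are defined outside this file. Confirm that
// $larr is built server-side and cannot be overridden by request parameters, and
// that adminmsg() terminates the request (every branch below relies on that).
// in_array() compares loosely here; pass true as the third argument once it is
// confirmed that $larr only holds strings.
!in_array('0',$larr)&&adminmsg('你没有被赋予操作该项的权限！');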
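// 'userlist': paginated listing of bl_members, rendered by userlist.htm.
if('userlist'==$action)
{
	$limit=5; // rows per page
	$page=intval($page)<1?1:intval($page);
	$sql="select count(*) as num from bl_members";
	$query=$db->query($sql);
	$count=$db->fetch_array($query);
	$allpage=ceil($count['num']/$limit);
	// Clamp to the last page first ...
	$page=$page>$allpage?$allpage:$page;
	// ... then derive the offset from the clamped page, so an out-of-range page
	// shows the last page instead of an empty list. max() keeps the offset at 0
	// when the table is empty ($allpage and $page are then 0), which previously
	// produced "limit -5,5" and a failing query.
	$start=max(0,(intval($page)-1)*$limit);
	$url='user.inc.php?action='.$action.'&amp;';
	$pages=numofpage($count['num'],$page,$allpage,$url);
	$btclist=array();
	// Start from a known-empty list: the loop below only appends, so without
	// this the variable stayed undefined (or kept whatever value it had before)
	// when the query returned no rows.
	$userlist=array();

	// $start and $limit are integers computed above, so interpolating them is safe.
	// NOTE(review): "select *" also loads the password column into template
	// scope; confirm userlist.htm never prints it, or select explicit columns.
	$sql="select * from bl_members limit $start,$limit";

	$query=$db->query($sql);
	while($user=$db->fetch_array($query))
	{
		$userlist[]=$user;
	}
	include_once MCC_ROOT.'/templates/msystem/userlist.htm';
}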

// 'useradd': show the empty member form.
elseif($action=='useradd')
{
	// $action is re-pointed before the template is included; presumably
	// useradd.htm uses it as the form's target action (confirm in the template).
	$action='userdoadd';
	include_once MCC_ROOT.'/templates/msystem/useradd.htm';
}
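// 'userdoadd': validate the posted member form, insert the row into bl_members
// and continue with the permission form for the new uid.
elseif('userdoadd'==$action)
{
	// "username not filled in"
	if(!$username)
		adminmsg('没有填写用户名','user.inc.php?action=useradd');
	// NOTE(review): $username, $password and $confirm are request-derived globals
	// set up outside this file, while the INSERT below reads $_POST directly.
	// Confirm both come from the same source, and that request data is escaped
	// for SQL before it reaches this point; if it is not, this lookup and the
	// INSERT must go through the DB layer's escaping or prepared statements.
	$sql="select * from bl_members where username='$username'";
	$query=$db->query($sql);
	// "username already exists"
	if($db->fetch_array($query))
		adminmsg('该用户名已经存在','user.inc.php?action=useradd');
	// "password setting error": empty password or confirmation mismatch
	if(!$password||$confirm!=$password)
		adminmsg('密码设置出错','user.inc.php?action=useradd');
	// NOTE(review): passwords are stored as unsalted MD5. Moving to
	// password_hash()/password_verify() needs a coordinated change in the login
	// code, which is not visible here, so the format is left unchanged.
	if(!empty($_POST['password'])&&is_string($_POST['password']))
		$_POST['password']=md5($_POST['password']);

	// Build the column list by walking the whitelist itself instead of the
	// posted keys: column names can then only ever be the literals in
	// $userarray (the previous loose in_array() test on request keys is gone),
	// and array-valued fields are skipped rather than stored as "Array".
	$columns=array();
	$values=array();
	foreach($userarray as $column)
	{
		if(isset($_POST[$column])&&is_scalar($_POST[$column]))
		{
			$columns[]=$column;
			$values[]="'".$_POST[$column]."'";
		}
	}
	// Nothing usable was posted: previously this fell through to a malformed
	// "))" statement built from undefined variables.
	if(!$columns)
		adminmsg('没有填写用户名','user.inc.php?action=useradd');
	$sql='insert into bl_members ('.implode(',',$columns).') values ('.implode(',',$values).')';
	$db->query($sql);
	$uid=$db->insert_id();

	// Hand over to the permission form for the freshly created member.
	$action='userdooperation';
	include_once MCC_ROOT.'/templates/msystem/useroperation.htm';

}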
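// 'userdelete': remove one member by uid, then return to the list.
elseif('userdelete'==$action)
{
	// uid is a numeric key (the 'userdoedit' branch also runs it through
	// intval()), so cast it before it is placed in the statement.
	$uid=intval($uid);
	// NOTE(review): this is a destructive action and no request-method or
	// anti-CSRF token check is visible in this file; confirm common.inc.php
	// enforces one for state-changing requests.
	$sql="delete from bl_members where uid='$uid'";
	$db->query($sql);
	// "deleted successfully"
	adminmsg('删除成功','user.inc.php?action=userlist');

}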
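// 'useredit': load one member and show the (shared) add/edit form.
elseif('useredit'==$action)
{
	$action='userdoedit';
	// Markup fragment for the template; presumably applied to the username
	// input, since 'userdoedit' rejects username changes (confirm in useradd.htm).
	$ifreadonly='readonly="1"';
	// uid is a numeric key; cast it before it is placed in the statement.
	$uid=intval($uid);
	// Known-empty default so the template never sees a value for $userdb that
	// did not come from the query below.
	$userdb=array();
	if($uid)
	{
		$btclist=array();
		$sql="select * from bl_members where uid='$uid'";
		$query=$db->query($sql);
		$userdb=$db->fetch_array($query);
	}
	include_once MCC_ROOT.'/templates/msystem/useradd.htm';
}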
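// 'userdoedit': apply the posted member form to an existing row, then show the
// permission form for that member.
elseif('userdoedit'==$action)
{
	// Cast once, before the first query; previously the raw request value was
	// used in the lookup and the redirect URLs and only cast afterwards.
	$uid=intval($uid);
	$sql="select username from bl_members where uid='$uid'";
	$query=$db->query($sql);
	$data=$db->fetch_array($query);
	// "changing the username is forbidden"
	if($username!=$data['username'])
		adminmsg('禁止修改用户名','user.inc.php?action=useredit&amp;uid='.$uid);
	// "password setting error": empty password or confirmation mismatch
	if(!$password||$confirm!=$password)
		adminmsg('密码设置出错','user.inc.php?action=useredit&amp;uid='.$uid);
	// NOTE(review): unsalted MD5, kept because the login code that verifies it
	// is not visible here; migrate both sides together to password_hash().
	if(!empty($_POST['password'])&&is_string($_POST['password']))
		$_POST['password']=md5($_POST['password']);
	if($uid)
	{
		$query=$db->query("select * from bl_members where uid='$uid'");
		$tempdb=$db->fetch_array($query);

		// Only the columns the add path accepts ($userarray, minus username) may
		// be changed here. Previously every posted key that matched any column of
		// the row was written, including uid and allowoperation.
		// Assumes the edit form posts only these fields, as the shared
		// useradd.htm template suggests — TODO confirm.
		// NOTE(review): values are interpolated as-is; confirm request data is
		// escaped for SQL before this point, or switch to the DB layer's
		// escaping / prepared statements.
		$assignments=array();
		foreach($userarray as $column)
		{
			if('username'==$column||!isset($_POST[$column])||!is_scalar($_POST[$column]))
				continue;
			// Same change detection as before: skip columns that are NULL in the
			// stored row or whose value is unchanged.
			if(isset($tempdb[$column])&&$_POST[$column]!=$tempdb[$column])
				$assignments[]="$column='".$_POST[$column]."'";
		}
		$assignments&&$db->query('update bl_members  set '.implode(' ,',$assignments)." where uid='$uid'");
	}
	// Continue with the permission form for this member.
	$action='userdooperation';
	$sql="select  allowoperation from bl_members where uid='$uid'";
	$query=$db->query($sql);
	$opt=$db->fetch_array($query);
	if($opt)
	{
		// allowoperation is stored as ':'-separated groups.
		// NOTE(review): the 'useroperation' branch additionally splits each
		// group on ',' into $result before including the same template;
		// confirm whether useroperation.htm needs that here too.
		$optvalue=explode(':',$opt['allowoperation']);
	}
	include_once MCC_ROOT.'/templates/msystem/useroperation.htm';
}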
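// 'useroperation': load a member's stored permissions and show the permission form.
elseif('useroperation'==$action)
{
	$action='userdooperation';
	// uid is a numeric key; cast it before it is placed in the statement.
	$uid=intval($uid);
	$sql="select allowoperation from bl_members where uid='$uid'";
	$query=$db->query($sql);
	$opt=$db->fetch_array($query);
	// Known-empty defaults so the template only ever sees values derived from
	// the row fetched above.
	$optvalue=array();
	$result=array();
	if($opt)
	{
		// Stored format: groups separated by ':', items inside a group by ','.
		$optvalue=explode(':',$opt['allowoperation']);
		$i=0; // not read in this file; kept in case the template uses it
		foreach($optvalue as $num=>$sortlist){
			$result[$num]=explode(',',$sortlist);
		}
	}
	include_once MCC_ROOT.'/templates/msystem/useroperation.htm';
}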
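// 'userdooperation': store the posted permission groups for one member.
elseif('userdooperation'==$action)
{
	// uid is a numeric key; cast it before it is placed in the statement.
	$uid=intval($uid);
	// $newopt is the posted list of permission groups; they are joined with ':'
	// (the separator the read side splits on). A missing or non-array value
	// yields '', as before, without the foreach warning.
	$allowoperation=is_array($newopt)?implode(':',$newopt):'';

	// NOTE(review): $allowoperation is request data interpolated into SQL and it
	// defines what the member may do. Confirm request data is escaped before
	// this point and validate each entry against the set of known operations;
	// also confirm an anti-CSRF check exists for this state-changing request.
	$sql="update bl_members set allowoperation='$allowoperation' where uid='$uid'";
	$db->query($sql);
	// "permissions set successfully"
	adminmsg('权限设置成功','user.inc.php?action=userlist');
}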
?>